Source: libzypp
Version: 15.3.0-1
Severity: serious
Justification: Policy 8.1
The libzypp binary package contains a public shared library
(libzypp.so.1503), and zypper depends on it.
Policy ยง8.1 says:
> The run-time shared library must be placed in a package whose name
> changes whenever the SONAME of the shared library changes.
In this case, the shared library package should be libzypp1503,
and zypper should depend on that. I realise this is going to
involve a lot of going through the NEW queue, but that's what
happens if a library doesn't have a stable ABI.
In addition, libzypp does not generate correct dependencies
via its shlibs or symbol file: zypper depends on "libzypp",
with no version specified. In particular, there is nothing to stop a
user from installing libzypp/jessie (contains libzypp.so.1429) in
conjunction with zypper/stretch (requires libzypp.so.1503), or vice
versa, which will cause the dynamic linker to fail before zypper
has started. The requirement I quoted is there precisely so that
this sort of thing does not happen.
If you are not going to follow ABI-based naming (libzypp1503),
then you need some other solution to make the broken situations
impossible, for example making the shlibs/symbols generate a
dependency on "libzypp (>= 15.3), libzypp (<< 15.4)", and adding
Breaks for older versions of zypper that did not pick up this
dependency. I expect that the easiest way will be to use the
ABI-based naming as intended, instead.
For the C++ transition (#797867) an additional constraint is
that the version of libzypp that has been compiled with g++-5
needs a Breaks on versions of zypper that may have been compiled
with g++-4.
S
